Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn.
To make matters worse, the servers, manufactured by Taiwan-based networking device company Moxa, have had shoddy security for a while, according to researchers at Rapid7.
Joakim Kennedy, a researcher with Rapid7 disclosed several flaws in the servers via an advisory Thursday, including some vulnerabilities the company initially reported to the Moxa back in 2013 that still linger in the products.
Full Article